Difference between #6 and #5 of How to add more information to Yii::app()->user

CWebUser, authentication

By default, the expression Yii::app()->user returns a [CWebUser] [application
component](http://www.yiiframework.com/doc/guide/basics.application#application-component)
which represents the information that are closely related with the current user.
Some information can be persistent throughout the current user session. For
example, [CWebUser] already comes with a [name|CWebUser::name] property that
stores the username of the current user.

In order to store more information, we need to modify the
[identity|IUserIdentity][identity|CUserIdentity] class
used together with [CWebUser]. Each application may have one or several identity
classes which are mainly responsible to provide ways of performing user
[authentication](http://www.yiiframework.com/doc/guide/topics.auth). 

Here we use the `UserIdentity` class included in the `testdrive` application as
an example, assuming our goal is to add the ID and the last login time of the
user to [CWebUser]. We would modify `UserIdentity` as follows,

~~~
[php]
class UserIdentity extends CUserIdentity
{
	private $_id;
	
	public function authenticate()
	{
		$user=User::model()->findByAttributes(array('username'=>$this->username));
		if($user===null)
			$this->errorCode=self::ERROR_USERNAME_INVALID;
		else if($user->password!==md5($this->password))
			$this->errorCode=self::ERROR_PASSWORD_INVALID;
		else
		{
			$this->_id=$user->id;
			$this->setState('lastLoginTime', $user->lastLoginTime);
			$this->errorCode=self::ERROR_NONE;
		}
		return !$this->errorCode;
	}
	
	public function getId()
	{
		return $this->_id;
	}
}
~~~

In the above, during authentication we retrieve the ID and the last login time
information of the authenticated user. We save the ID in a private variable
`$_id` and save `lastLoginTime` in a state by calling `setState()`. The reason
that we use different approaches to save `id` and `lastLoginTime` is because
`id` is a pre-defined property that is recognized by [CWebUser]. If we want to
store more information, we should use `setState()`, like we do with
`lastLoginTime`.

We also override the `getId()` method to return the private variable `$_id`. The
parent implementation is to return the username.

That's all we need. Now if we want to retrieve the `id` or `lastLoginTime`
information in our code, we can do the following:

~~~
[php]
$id=Yii::app()->user->id;
$lastLoginTime=Yii::app()->user->lastLoginTime;
// If you are using version 1.0.2 or earlier, you should use the following:
// $lastLoginTime=Yii::app()->user->getState('lastLoginTime');
~~~

> Note: When cookie-based authentication is enabled (by setting
[CWebUser::allowAutoLogin] to be true), these persistent information will be
stored in cookie. Therefore, you should NOT store sensitive information (e.g.
password) like we do in the above.

**Related article**  
The method explained above stores the user data into session or cookies when the
user authenticates, there is another method of retrieveing user information from
database directly:  
[Add information to Yii::app()->user by extending
CWebUser](http://www.yiiframework.com/doc/cookbook/60/)

Links
-----

- [Chinese version](http://www.itkuaixun.com/bbs/thread-63-1-2.html
"Chinese version")